PC World - Student Who Uncovers Breach Escapes Expulsion
PC World - Student Who Uncovers Breach Escapes Expulsion
A student at Western Oregon University discovered a file that contained between 50 and 100 student names and social security numbers sitting on a public server at the university.
He then turned it over to the school newspaper and then reported it to the appropriate people at the university.
Two months into the investigation, Loving — who is now a staffer with the newspaper — was found to have broken a university computer use policy that prohibits unauthorized people from accessing confidential files that may have been inadvertently placed in a publicly accessible location.
Since you can’t know whether or not the data is confidential until after you open the file, this is just another case of an institution saying that someone else is to be blamed and punished for the institutions incompetence.
Why was somebody punished for reporting the incident, while nobody was punished for putting the file where it would be exposed to the world at large?
I will assume that either it was done by somebody who has major juice with the university, or there’s no rule against exposing this sort of data, only a rule against accessing it.
Discussion Area - Leave a Comment